posted 2 years ago
By now, Data Controllers should be aware that under Section 23 of the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), the Data Controller is required to notify the Data Subject of the details and purposes of the collection, use, or disclosure of personal data through a Privacy Notice before or at the time of collection. In this regard, the Personal Data Protection Commission (“PDPC”) has issued a guideline on the Privacy Notice and the collection of personal data. Before complying with this guideline, Data Controllers must first determine whether any specific regulations issued by other regulators govern the same matter. If there are, and such regulations do not set a lower standard than the PDPA, the Data Controller must follow those regulations.
Before preparing the Privacy Notice, the Data Controller must consider fairness to the Data Subject, including the consequences of the collection, use and disclosure of personal data, and must specify the purpose of the collection in clear and plain language that is not deceptive or misleading. The purpose for processing personal data must be obvious, specific and lawful so that the Data Subject explicitly understands and is aware of it, particularly the section relating to the disclosure of personal data to third parties, before giving his or her consent. If another legal basis applies to the collection, use or disclosure of personal data, the Data Controller may rely on that legal basis as well. The guideline also lists the details that should be specified in the Privacy Notice.
Section 25 of the PDPA requires the Data Controller not to collect personal data from sources other than the Data Subject directly; however, the Data Controller may do so if the following exceptions are met.
In this regard, the Data Controller shall either make a public announcement stating the necessity of such personal data collection or provide a Data Protection Impact Assessment (DPIA) to identify and assess the risk or damage that may result from the use or disclosure of personal data.
Author: Panisa Suwanmatajarn, Managing Partner.